But DHS is trying not to repeat failures of previous cyber contracts where
agencies didn't understand what they were buying or just didn't take advantage of
the products and services.

Instead, the agency is teaming with the SANS Institute to provide a free one-day
training course detailing what CISOs and their staffs need to do to make
continuous monitoring a reality inside their agencies.

"What's key is, how do we overcome the barriers that have kept government agencies
from doing a better job of securing their systems? And getting to continuous
monitoring has been one of those problem areas. The more data you collect because
you are monitoring more continuously, the more you have to do something with that
data," said John Pescatore, the director of emerging security trends for SANS.
"You need technologies and processes to make that data work, and government
agencies have found that can be expensive, manpower intensive. So the purpose of
the workshops is to essentially highlight decision frameworks and processes
government agencies can put into action to take advantage of the funding from this
program that offers them both products and services completely funded by
Congressional funding."

Funding available; policy coming

Congress provided more than $180 million in the fiscal 2013 continuing resolution
to help agencies implement continuous monitoring.

Pescatore said the BPA will help reduce procurement costs, but agencies need
implementation help.

"The workshops are there to help them put together the right plans, the right
processes and the right timelines to be able to deploy these products, integrate
them, use their automation capabilities to take some of the workload off the
government's security operations people, and hear about the future of reporting and
certification and accreditation of government systems and how that changes if you
sign on to the continuous monitoring efforts," he said.

SANS and DHS plan to host the workshop Nov. 6 in Washington. It will feature
speeches and panels with Gene Dodaro, the Comptroller General of the U.S. from the
Government Accountability Office, DHS' director of Federal Network Resilience John
Streufert, and Jane Lute, former DHS deputy secretary and now CEO for the Council
on CyberSecurity. The session is free to federal employees, and contractors must
pay to attend.

Additionally, Pescatore said the 17 vendors on the CDM contract can pay for the
opportunity to present their products or services during the "shootout" part of
the workshop. This is where vendors will be presented with real-world cyber
scenarios and will get the opportunity to describe how their product or service
would help mitigate the risk or vulnerability.

Pescatore said the goal is for CISOs and their staffs to gain a better understanding
of three key areas of continuous monitoring: vulnerability assessment; PC and server
security; and log management and security event management.

"The first thing will be to walk away with a better understanding of the
technologies, how they work, how they integrate with things the government already
is doing, and which of the 17 integrators are offering which products and which
services," he said. "They will come back the next day and take advantage of the
CDM contract to start getting products and services procured to increase the
security of your agency."

Pescatore said agencies have struggled to process the data continuous monitoring
produces.

"If you find only as many vulnerabilities as you could deal with, are you better
off? If you found lots more vulnerabilities but you didn't have the resources to
deal with them, then you might be in a worse position," he said. "For years, in
the government more vulnerability scanning simply meant more data about
vulnerabilities we couldn't do anything about. So the mitigation part of the
continuous diagnostics and mitigation contract is about making it easier to patch
PCs and applications faster, and applications' vulnerabilities as well."

Pescatore said over the long term, CISOs and others will better understand how
these CDM efforts will fit in with federal cybersecurity changes over the next
year or more.

SANS approached DHS earlier this year for a speaker for a webinar on continuous
monitoring. Pescatore said the webinar garnered 1,000 registrants and was a
success. SANS is using the workshop to expand on the issues covered in the webinar.